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(54) Process for controlling access to a domestic network and device implementing the process 



(57) The present invention relates to a process mak- 
ing it possible to control access to at least one terminal 
with address AD by at least one scrambled item with the 
aid of at least one control word. 

The process according to the invention comprises 
a step making it possible to construct a descrambling 



item in the form of a message (I) containing the control 
word (CW), a datum (PtD(CW)) making it possible to 
identify the scrambled item and the address AD of the 
terminal. 

The invention applies more particularly to the con- 
trol of access for terminals constituting a network. 
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Description 

[0001] The present invention relates to a conditional 
access system and, more particularly, to a conditional 
access system for a domestic network. 
[0002] A conditional access system allows a service 
provider to supply his services solely to users having 
acquired entitlements to these services. Such is the 
case, for examp!e : in paid television systems. 
[0003] As is known to a person skilled in the art, the 
service supplied by a service provider consists of an 
item of information scrambled by control words. The 
scrambled item can be descrambled, and therefore read 
by the user, only with regard to the entitlements allocat- 
ed to this user. 

[0004] To descramble the item, the service provider 
supplies each user with the control words which served 
for scrambling the item. To keep the control words se- 
cret, they are supplied after having been encrypted with 
an algorithm with key K. The various encrypted control 
words are sent to the various users in control messages 
which will be denoted ECM hereinafter (ECM standing 
for "Entitlement Control Message"). 
[0005] According to the prior art, an ECM consists of 
a header and a payload. 

[0006] The header gives, inter alia, the type and size 
of the items contained in the payload of the ECM. The 
payload consists, inter alia, of an item containing the set 
of conditions for access to the service supplied by the 
provider an item containing at least one control word 
encrypted with the algorithm with key K and an item con- 
taining a datum depending on the key K and making it 
possible to validate and verify the content of the ECM 
and, more particularly, access conditions contained in 
the ECM. 

[0007] So as to accord access to its service solely to 
authorized users, the service provider supplies a smart 
card and a decoder to each of the users. 
[0008] The smart card makes it possible, on the one 
hand, to validate and record the entitlements which the 
user has to the service delivered and, on the other hand, 
to decrypt, with the aid of the key K, the encrypted con- 
trol words. For this purpose, the smart card contains the 
key K of the algorithm which allowed the encryption of 
the control words. 

[0009] The decoder, for its part, makes it possible to 
descramble the scrambled item on the basis of the item 
consisting of the encrypted control words from the smart 
card. 

[001 0] The entitlements of each user are sent in mes- 
sages for managing the user's entitlements which will 
subsequently be denoted EMM (the abbreviation EMM 
standing for "Entitlement Management Message"). 
[0011] According to the prior art. a message EMM 
consists of a header and a payload. The payload of the 
EMM contains three main items: 

a first item giving the address of the user's card: 
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a second item giving the description of the user's 
entitlements: 

a third item making it possible to validate the EMM 
and to verify that the user's entitlements contained 
5 in the EMM are indeed the entitlements reserved 

for the user. 

[0012] As mentioned previously, the encrypted con- 
trol words are sent to the users by way of the ECMs. 

w [0013] When the decoder of a user recognizes the ad- 
dress of the card associated therewith among the vari- 
ous addresses distributed by the service provider, the 
EMM corresponding to the recognized address is ana- 
lysed. The analysis of the EMM is performed with the 

'5 aid of an analysis algorithm controlled by the encryption 
key K of the control words. 

[0014] If the analysis of the message EMM leads to 
the validation of the latter, the user's entitlements are 
then stored in a memory. 

20 [0015] The user card also comprises a circuit for val- 
idating the ECMs : an access control circuit and also a 
circuit for decrypting the encrypted control words. 
[0016] The circuit for validating ECMs makes it pos- 
sible to validate the access conditions. The access con- 

25 trol circuit compares the validated access conditions 
with the user's validated entitlements. If the validated 
access conditions correspond to the user's validated en- 
titlements, decryption is authorized. In the contrary 
case, decryption is not authorized. 

30 [0017] A domestic network consists of a set of domes- 
tic terminals linked together by a domestic bus such as : 
for example, the IEEE 1 394 bus. 

[0018] The term domestic terminal should be under- 
stood to mean, by way of non-limiting examples, a re- 

35 ceiver of television programmes, a digital decoder, a dig- 
ital camcorder, a reader of digital discs commonly re- 
ferred to as DVDs (the abbreviation DVD standing for 
"Digital Versatile Disc"), or else a terminal commonly re- 
ferred to as a PC (the abbreviation PC standing for "Per- 

40 sonal Computer"). 

[0019] Within the framework of a conditional access 
system such as the one according to the prior art men- 
tioned above, when a service provider subscriber de- 
sires, for example, to be able to receive the same pro- 

45 gramme on all the television receivers which form part 
of his domestic network, he is then obliged to take out 
as many subscriptions as he has television receivers. 
From the user's point of view, this presents a major 
drawback in terms of costs. 

so [0020] From the service provider's point of view, this 
also presents a major drawback. This is because it is 
impossible for the service provider to make his services 
selective with regard to the total stock of programme re- 
ceivers and, more generally of domestic terminals, 

55 which the subscriber possesses. 

[0021 ] The invention does not have these drawbacks. 
[0022] The invention relates to a process making it 
possible to control access to at least one terminal with 
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address AD by al least one scrambled item with the aid 
of at least one control word, the scrambled item being 
contained in a data stream comprising a first datum 
making it possible to identify the scrambled item, a sec- 
ond datum describing the entitlements possessed by a 
user with regard to the scrambled item, a third datum 
containing the control word encrypted with an algorithm 
with key K, the process comprising at least one step 
making it possible to decrypt the encrypted control word. 
The process comprises a step making it possible to con- 
struct at least one descrambling item containing the de- 
crypted controi word, the first datum and the address 
AD of the terminal. 

[0023] The invention also relates to a device making 
it possible to control access to at least one terminal with 
address AD by at least one scrambled item with the aid 
of at least one control word, the scrambled item being 
contained in a data stream comprising a first datum 
making it possible to identify the scrambled item, a sec- 
ond datum describing the entitlements possessed by a 
user with regard to the scrambled item, a third datum 
containing the control word encrypted with an algorithm 
with key K. The device comprises means making it pos- 
sible toconstruct a descrambling item containing the de- 
crypted control word, the first datum and the address 
AD of the terminal. 

[0024] The invention also relates to a decoder making 
it possible to descramble at least one scrambled item 
which it receives. The decoder comprises at least one 
device such as the abovementioned device according 
to the invention. 

[0025] The invention further relates to a process for 
descrambling, by a device associated with a terminal 
with address AD : at least one scrambled item with the 
aid of at least one control word. The process comprises: 

a step of receiving at least one descrambling item 
containing the control word, a datum making it pos- 
sible to identify the scrambled item and an address 
making it possible to identify a terminal, 
a step allowing the device associated with the ter- 
minal with address AD to recognize or not recog- 
nize, from among the addresses contained in the 
descrambling items received, the address AD, so 
that if the address AD is recognized the descram- 
bling is authorized and if the address AD is not rec- 
ognized, the descrambling is not authorized. 

[0026] The invention further relates to a descrambling 
device associated with a terminal with address AD and 
which makes it possible to descramble at least one 
scrambled item with the aid of at least one control word. 
The descrambling device comprises means for receiv- 
ing a descrambling item containing the control word, a 
datum making it possible to identify the scrambled item 
and an address making it possible to identify a terminal 
and for recognizing or not recognizing, from among the 
addresses contained in the descrambling items re- 
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ceived : the address AD so that, if the address AD is rec- 
ognized, the descrambling is authorized and, if the ad- 
dress AD is not recognized, the descrambling is not au- 
thorized. 

5 [0027] The invention will be more particularly de- 
scribed in the case in which conditional access relates 
to a network of domestic terminals linked together by a 
bus. More generally, however, the invention also relates 
to the case in which conditional access relates to at least 

w one user terminal configured as a network or otherwise. 
[0028] The invention advantageously enables a serv- 
ice provider to make his services selective with regard 
to a set of networked domestic terminals. 
[0029] Other characteristics and advantages of the in- 

is vention will emerge on reading a preferred embodiment 
of the invention, with reference to the appended figures 
in which: 

Figure 1 represents a device for a conditional ac- 
20 cess system containing means making it possible 
to control access by at least one programme on at 
least one domestic terminal according to the inven- 
tion; 

Figure 2 represents, according to the invention, a 
25 descrambling item making it possible to descramble 
a scrambled item; 

Figure 3 represents a device for descrambling at 
least one scrambled programme selected with the 
aid of a device for a conditional access system such 
30 as the one represented in Figure 1. 

[0030] In all the figures, the same references denote 
the same elements. 

[0031] Figure 1 represents a device for a conditional 
35 access system containing means making it possible to 

control access by at least one programme on at least 

one domestic terminal according to the invention. 

[0032] The device D1 for a conditional access system 

comprises a demultiplexing circuit 1 , a circuit 3 for inter- 
40 facing with the domestic bus B, a microprocessor 2 and 

a circuit 4 for interfacing between the microprocessor 2 

and the smart card 5. 

[0033] The demultiplexing circuit 1 receives on its in- 
put the data stream F corresponding to all the pro- 
45 grammes distributed by the service provider. Preferably, 
the stream F emanates from an analogue/digital con- 
version circuit (not represented in Figure 1) commonly 
referred to as a "front end". 

[0034] As is known to the person skilled in the art, in 
50 the case of a transport of data in the MPEG-2 format, 
the stream F comprises a succession of packets of video 
data, of packets of audio data and of packets of man- 
agement data such as, for example, the data contained 
in the ECMs and the EMMs. 
55 [0035] In its header, each packet of data comprises 
an identifier which will subsequently be denoted PtD 
(the abbreviation PID standing for "Packet IDentifier"), 
making it possible to identify both the nature of the data 
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contained in the packet (video, audio or management) 
and the programme to which this packet belongs. 
[0036] Each programme delivered by the service pro- 
vider consists of a set of programme components, each 
programme component consisting of a set of packets 
whose PIDs are identical. 

[0037] The stream F also contains an item which will 
subsequently be referred to as a PMT table (the abbre- 
viation PMT standing for "Programme Map Table") and 
which gathers together the PIDs corresponding to the 
set of programmes distributed by the service provider. 
[0038] According to the invention under the action of 
a command CD1, the microprocessor 2 generates a 
command CD2 which is applied to the demultiplexer 1. 
The command CD1 is a user command emanating, in a 
manner known per se ; from the interaction of a user with 
a domestic terminal. The command CD1 can be con- 
veyed to the microprocessor 2 in various ways. Accord- 
ing to a first embodiment, the command CD1 can be 
conveyed from the domestic terminal concerned to the 
microprocessor 2 by way of the domestic bus B. Accord- 
ing to another embodiment, the command CD1 can be 
applied to a control interface, not depicted in Figure 1 : 
and which may or may not be part of the device D1 . The 
command CD1 contains an address datum AD for the 
domestic terminal on which the user wishes to receive 
the programme which he selects. On receipt of the com- 
mand CD1, the address datum AD is stored in the mi- 
croprocessor 2. 

[0039] The PMT table corresponding to the pro- 
gramme selected is extracted from the stream F in a 
manner known per se and is forwarded to the microproc- 
essor 2. The microprocessor 2 processes the item con- 
stituted by the PMT table and extracts therefrom the 
PIDs of the selected programme. The PIDs extracted 
are then forwarded from the microprocessor 2 to the de- 
multiplexer 1. Under the action of the PIDs, the demul- 
tiplexer 1 selects the stream of scrambled data FS which 
corresponds to the selected programme, the various 
messages ECM which contain the control words making 
it possible to descramble the selected programme, as 
well as the messages EMM which contain the user's en- 
titlements with regard to the services supplied by the 
provider. 

[0040] The stream FS is forwarded from the demulti- 
plexer 1 to the interlace circuit 3 and the messages ECM 
and EMM are forwarded from the demultiplexer 1 to the 
smart card 5, via the microprocessor 2 and the interface 
circuit 4." 

[0041] As is known to the person skilled in the art, the 
smart card 5 contains five main circuits (not represented 
in Figure 1); 

a circuit for validating the user's entitlements: 

a circuit for storing the user's validated entitlements; 

an access control circuit; 

a circuit for validating the messages ECM; 

a circuit for decrypting the encrypted control words. 
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[0042] As mentioned earlier the validation circuit 
makes it possible to perform, on the messages EMM. 
the operations for recognizing the address of the user 
and for analysing the user's entitlements. To this end. 

5 the validation circuit contains the key K of the algorithm 
for encrypting the control words. If the message EMM 
is validated, the user's entitlements contained in the 
message EMM are stored in the circuit for storing the 
validated entitlements. 

10 [0043] According to the invention, in the case in which 
the domestic terminals are networked, the user's vali- 
dated entitlements are divided, preferably into two cat- 
egories; 

'5 - a first category of entitlements relates to the intrinsic 
entitlements which a user possesses with regard to 
at least one programme distributed by the service 
provider > 

a second category of entitlements relates to the re- 
20 distribution entitlements which the service provider 

grants to a user within the user's domestic network. 

[0044] By way of non-limiting example, the re-distri- 
bution entitlement which a service provider grants to a 

25 user within his domestic network may take the form of 
the number of different terminals on which the service 
provider authorizes the user to receive a programme. It 
may also be a maximum number of different pro- 
grammes for which the service provider authorizes un- 

30 enciphered reception, whatever these programmes 
may be. 

[0045] As mentioned earlier the circuit for validating 
the ECMs makes it possible to validate the access con- 
ditions contained in the ECMs. To this end, the circuit 
35 for validating the ECMs contains the key K of the algo- 
rithm for encrypting the control words. 
[0046] Thus, the access control circuit compares the 
validated access conditions with the user's validated en- 
titlements relating to the first category of entitlements 
40 mentioned above. 

[0047] If the validated access conditions correspond 
to the user's validated entitlements, decryption of the 
control words is authorized. In the contrary case, de- 
cryption is not authorized. 
45 [0048] In the case in which decryption of the encrypt- 
ed control words is authorized, the decrypted control 
words CW are forwarded, via the interface circuit 4 : from 
the smart card 5 to the microprocessor 2. 
[0049] Each decrypted control word CW makes it pos- 
50 sible to descramble the scrambled item constituted by 
a programme component. As mentioned earlier, each 
programme component consists of a set of packets 
whose PIDs are identical. It follows that to each control 
word CW there corresponds a PID which will subse- 
ts quently be denoted PI D(CW) and which makes it possi- 
ble to identify the scrambled item. 
[0050] According to the invention, the microprocessor 
2 constructs, for each decrypted control word, a de- 
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scrambling item I containing the decrypted control word 
CW, the datum PID(CW) which makes it possible to 
identify the programme component to be descrambled 
and the address datum AD of the domestic terminal from 
which the command for access to the selected pro- 
gramme emanates. 

[0051] As is known to the person skilled in the art, 
there are cases for which a single message ECM con- 
tains two control words. A first control word is one which 
makes it possible to descramble the component of the 
programme currently being read and a second control 
word one which makes it possible to descramble the 
component of the programme which follows the compo- 
nent of the programme currently being read. According 
to the invention, preferably, in cases such as those men- 
tioned above, the item I contains an additional datum 
making it possible to indicate whether the decrypted 
control word which it contains is of the first type or of the 
second type. 

[0052] In a manner known per se : the item I also com- 
prises a header H making it possible to define, inter alia, 
the type and size of the data which it contains. 
[0053] The interlace circuit 3 receives the stream FS 
output by the demultiplexer 1 as well as the item I output 
by the microprocessor 2. 

[0054] According to a first embodiment of the inven- 
tion, the re-distribution entitlements DR for the pro- 
grammes which are stored in the smart card 5 are trans- 
ferred, via the interface 4 and the microprocessor 2, to 
a memory circuit situated, for example, in the interface 
circuit 3. This copying of the entitlements DR into a 
memory circuit can be performed once and for alt, but it 
can also advantageously be performed whenever these 
entitlements are modified. 

[0055] If the re-distribution entitlements DR for the 
programmes supplied by the service provider so author- 
ize, the request for a programme whose descrambling 
is itself authorized takes the form of the forwarding to 
the domestic terminal from which the request emanates, 
via the domestic bus B : of the selected stream FS and 
of the various items I containing the address of the do- 
mestic terminal. Authorization to distribute the pro- 
gramme within the domestic network is controlled by a 
signal arising from the comparison between the entitle- 
ments DR and the various commands originating, via 
the bus B, from domestic terminals. The comparator cir- 
cuit which performs the said comparison can, for exam- 
ple, be included within the interface circuit 3. 
[0056] According to a second embodiment of the in- 
vention, the entitlements DR are not transferred to a 
memory circuit as mentioned above. It is the various 
commands TD originating from the domestic terminals 
which are transferred, via the microprocessor 2 and the 
interface 4, to a memory area of the smart card 5. The 
comparison of the entitlements DR and of the com- 
mands TD originating from the domestic terminals is 
then performed by a comparison circuit such as. for ex- 
ample, the access control circuit situated in the smart 



card 5. A signal S arising from the comparison between 
the entitlements DR and the commands TD is trans- 
ferred, via the interface circuit 4, from the smart card 5 
to the microprocessor 2 which then generates a com- 
s mand CS making it possible to authorize or not author- 
ize, in whole or part, the programme requests originating 
from the domestic terminals. 

[0057] According to the invention, the item I allowing 
the descrambling of a programme is not part of the 

w stream FS in the MPEG-2 format. The item I travels via 
the asynchronous link of the domestic bus B and is for- 
warded only to the terminal from which the programme 
request emanates. The stream FS preferably travels via 
the isochronous link of the bus B. Advantageously, ac- 

is cording to the invention, it is then unnecessary for the 
control words which travel around the domestic network 
to be encrypted. 

[0058] According to the invention, the decrypted con- 
trol words which travel around the domestic network are 

20 no longer synchronized with the data which they have 
to decrypt in the same way as in the prior art. Advanta- 
geously it is however unnecessary to devise specific 
signals to ensure the synchronization of a control word 
and of the programme component which this control 

25 word is to descramble. Given the bit rates allowed for 
by the asynchronous channel of the bus B (in the exam- 
ple of the IEEE 1394 bus, this bit rate is of the order of 
4 Mbytes/s), this synchronization is ensured without dif- 
ficulty. 

30 [0059] According to the invention, a device for a con- 
ditional access system such as the one represented in 
Figure 1 can be associated, within the same decoder, 
with various circuits allowing the local descrambling of 
scrambled data. The term local descrambling of scram- 

35 bled data should be understood to mean a descrambling 
of data in the decoder itself. Such a decoder then com- 
prises, in a manner known per se, a descrambler circuit, 
a demultiplexer circuit and a video and audio decoder 
in the MPEG-2 format. The locally descrambled data are 

40 preferably descrambled in the same way as described 
earlier according to the prior art. 

[0060] As mentioned earlier, preferably, a decoder 
such as that described above can also comprise, on its 
input, an analogue/digital converter commonly referred 
4S to as a "front end". 

[0061] Figure 2 represents, according to the inven- 
tion, a descrambling item making it possible to descram- 
ble a scrambled item. 

[0062] The item represented in Figure 2 is the item I 

50 mentioned above. 

[0063] The item I constitutes a message containing a 
header 6 whose contents H make it possible to define, 
inter alia, the type and size of the data contained in the 
message, a datum 7 containing the address AD of a do- 

55 mestic terminal having sent a request for access to a 
programme, a datum 8 containing a decrypted control 
word CW intended to descramble a programme compo- 
nent, a datum 9 containing the datum PID(CW) and, ac- 
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cording to a particular embodiment of the invention, a 
datum 10 containing an item X making it possible to in- 
dicate whether the control word CW is a control word of 
the first type or of the second type. According to other 
embodiments of the invention, the item I does not con- 
tain the datum 10. 

[0064] Figure 3 represents a device for descrambling 
at least one scrambled programme selected with the aid 
of a device for a conditional access system such as the 
one represented in Figure 1 . According to the invention, io 
a device such as that represented in Figure 3 is associ- 
ated with a domestic terminal. 

[0065] The descrambling device D2 comprises an in- 
terface circuit 11 , a descrambling and demultiplexing cir- 
cuit 1 2 and a video and audio decoder 1 3. 15 
[0066] The interface circuit 1 1 is linked by at least two 
access ports to the domestic bus B. By way of a first 
access port A1 ; the interface circuit 11 receives, in a 
manner known per se, the data stream selected by the 
domestic terminal with which it is associated as well as 20 
the data stream or streams selected by the domestic ter- 
minal or terminals situated upstream of the domestic ter- 
minal with which it is associated. According to the inven- 
tion, the circuit 11 also receives, via the first access port 
A1, the various descrambling items I which correspond 25 
to the set of programmes selected. 
[0067] In the case in which the interface circuit 1 1 rec- 
ognizes, from among the descrambling items I which it 
receives, the items IT containing the address of the do- 
mestic terminal with which it is associated, it selects 30 
them and forwards them to the circuit 12. The items IT 
contain the whole of the item necessary for parametriz- 
ing the descrambling circuit 12(CW : PID(CW)), X). 
[0068] The data stream FST which corresponds to the 
items IT recognized is forwarded to the descrambling os 
and demultiplexing circuit 12. Under the action of the 
control words CW, the scrambled data of the stream 
FST are descrambled. In a manner known per se ; the 
descrambled data are demultiplexed so as to recon- 
struct video and audio data in the MPEG-2 format. The *o 
video and audio data in the MPEG-2 format are then 
forwarded from the circuit 1 2 to the video and audio de- 
coder 13. The data output by the video and audio de- 
coder 13 are then forwarded to the domestic terminal 
with which the device D2 is associated. 45 
[0069] tn the case in which the interface circuit 11 re- 
ceives a scrambled data stream selected by a domestic 
terminal situated upstream of the domestic terminal with 
"which it is associated, this data stream as well as the 
messages of type I containing the control words for de- so 
scrambling it are steered towards the second access 
port A2 and forwarded over the domestic network. 
[0070] By way of the domestic bus B linked to the ac- 
cess port A2, the stream of scrambled data as well as 
the messages of type I containing the control words for 55 
descrambling the data stream are then forwarded to the 
descrambling device associated with the domestic ter- 
minal from which the programme request emanates. 
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[0071] According to the invention, access control is 
carried out in its entirety by the device Dl. Each de- 
scrambling device associated with a domestic terminal 
is thus independent of the access control system to 
which it is linked. Advantageously, it follows that the do- 
mestic network is compatible with numerous different 
conditional access systems. 

[0072] As mentioned earlier, the control words which 
travel around the domestic network are control words 
arising from an operation for decrypting the encrypted 
control words supplied by a service provider. Thus, ac- 
cording to the preferred embodiment of the invention, 
the control words which travel around the domestic net- 
work are unenciphered control words. 
[0073] However, the invention also relates to the case 
in which the control words which travel around the do- 
mestic network are encrypted control words. The en- 
cryption of the control words is then an encryption per- 
formed at the level of the domestic network itself by an 
encryption device situated, preferably, at the head of the 
network. Encryption of the control words which travel 
around the domestic network finds a particular advan- 
tage in cases in which the user of the domestic network 
desires to increase the level of protection of the items 
which travel around the network. In the case in which 
the control words which travel around the domestic net- 
work are encrypted, each descrambling device compris- 
es a circuit making it possible to decrypt them before the 
descrambling operation is performed. 

Claims 

1. Process making it possible to control access to at 
least one terminal with address AD by at least one 
scrambled item (FS) with the aid of at least one con - 
trol word (CW) : the scrambled item (FS) being con- 
tained in a data stream (F) comprising a first datum 
(PID(CW)) making it possible to identify the scram- 
bled item (FS), a second datum (EMM) describing 
the entitlements possessed by a user with regard 
to the scrambled item, a third datum (ECM) contain- 
ing the control word (CW) encrypted with an algo- 
rithm with key K t the process comprising at least 
one step making it possible to decrypt the encrypted 
control word, characterized in that it comprises a 
step making it possible to construct at least one de- 
scrambling item (I) containing the decrypted control 
word (CW), the first datum (PID(CW)) and the ad- 
dress (AD) of the terminal. 

2. Process according to Claim 1 , characterized in that 
it comprises a step of transferring, to the terminal, 
the descrambling item (I) and the scrambled item 
(FS). 

3. Process according to Claim 1 or 2, characterized in 
that the transferring of the descrambling item (I) is 
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carried out asynchronously with the scrambled item 
(FS). 

4. Process according to any one cf Claims 1 to 3 : char- 
acterized in that it allows the control of access with 
regard to at least two different networked terminals. 

5. Process according to Claim 4, characterized in that 
it comprises a step of storing user entitlements (DR) 
relating to the distributing of the scrambled item 
within the network, a step of transferring, to a com- 
parison circuit, commands (TD) issued by all or 
some of the networked terminals and a step of com- 
paring the user entitlements (DR) stored with the 
commands issued by all or some of the networked 
terminals. 

6. Device allowing conditional access to at least one 
terminal with address AD by at least one scrambled 
item (FS) with the aid of at least one control word 
(CW), the scrambled item (FS) being contained in 
a data stream (F) comprising a first datum (PID 
(CW)) making it possible to identify the scrambled 
item (FS), a second datum (EMM) describing the 
entitlements possessed by a user with regard to the 
scrambled item, a third datum (ECM) containing the 
control word (CW) encrypted with an algorithm with 
key K : characterized in that it comprises means (1, 
2) making it possible to construct a descrambling 
item (t) containing the decrypted control word (CW) : 
the first datum (PID(CW)) and the address (AD) of 
the terminal. 

7. Device according to Claim 6, characterized in that 
it comprises means (3 ; B) making it possible to 
transfer to the terminal the descrambling item (I) 
and the scrambled item (FS). 

8. Device according to Claim 7, characterized in that 
the means (3, B) making it possible to transfer to 
the terminal the descrambling item (I) and the 
scrambled item (FS) comprise a data bus (B) con- 
taining an asynchronous link via which the de- 
scrambling item (I) is forwarded. 

9. Device according to Claim 8, characterized in that 
it comprises means making it possible to authorize 
the distributing of at least one scrambled item (FS) 
on at least two networked terminals. 

10. Device according to Claim 9, characterized in that 
the means making it possible to authorize the dis- 
tributing of at least one scrambled item (FS) on at 
least two networked terminals comprise a memory 
circuit making it possible to store user entitlements 
(DR) relating to the distributing of the scrambled 
item over the network and a circuit making it possi- 
ble to compare the user entitlements (DR) stored 



217 A1 




with commands issued by all or some of the net- 
worked terminals. 

1 1 . Decoder main it possible to descrambte at least one 
5 scrambled item which it receives, characterized in 

that it comprises at least one device according to 
any one of Claims 6 to 10. 

12. Process for descrambling. by a device associated 
w with a terminal with address AD : at least one scram- 
bled item (FS) with the aid of at least one control 
word (CW), characterized in that it comprises: 

a step of receiving at least one descrambling 
15 item (I) containing the control word (CW), a da- 

tum (PID(CW)) making it possible to identify the 
scrambled item and an address (AD) making it 
possible to identify a terminal, 
a step allowing the device associated with the 
20 terminal with address AD to recognize or not 

recognize, from among the addresses (AD) 
contained in the descrambling items (I) re- 
ceived, the address AD : so that if the address 
AD is recognized the descrambling is author- 
25 ized and if the address AD is not recognized, 

the descrambling is not authorized. 

13. Descrambling device associated with a terminal 
with address AD and which makes it possible to de- 

30 scramble at least one scrambled item (FS) with the 

aid of at least one control word (CW), characterized 
in that it comprises means (11) for receiving a de- 
scrambling item (I) containing the control word 
(CW), a datum (PID(CW)) making it possible to 

35 identify the scrambled item and an address (AD) 

making it possible to identify a terminal and for rec- 
ognizing or not recognizing, from among the ad- 
dresses contained in the descrambling items re- 
ceived, the address AD so that, if the address AD 

40 is recognized, the descrambling is authorized and, 
if the address AD is not recognized, the descram- 
bling is not authorized. 

45 
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